AES improvements on Intel CPUs
Werner Koch
wk at gnupg.org
Fri Feb 18 09:04:00 CET 2011
On Fri, 18 Feb 2011 07:20, smueller at chronox.de said:
> For example, is it possible to easily flip the FIPS switch for either padlock
> or AES-NI in cipher.c:cipher_table?
No, you would change
void
_gcry_detect_hw_features (unsigned int disabled_features)
{
hw_features = 0;
if (fips_mode ())
return; /* Hardware support is not to be evaluated. */
#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4
#ifdef __GNUC__
detect_ia32_gnuc ();
#endif
#elif defined (__i386__) && SIZEOF_UNSIGNED_LONG == 8
#ifdef __GNUC__
#endif
#endif
hw_features &= ~disabled_features;
}
to something like
void
_gcry_detect_hw_features (unsigned int disabled_features)
{
hw_features = 0;
#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4
#ifdef __GNUC__
detect_ia32_gnuc ();
#endif
#elif defined (__i386__) && SIZEOF_UNSIGNED_LONG == 8
#ifdef __GNUC__
#endif
#endif
if (fips_mode ())
hw_features &= MASK_OF_FIPS_ALLOWED_FEATURES;
hw_features &= ~disabled_features;
}
and those features are disabled.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gcrypt-devel
mailing list